How to use the command line version of SFTP

In this post, I will show you how I use the command line version of SFTP to log into my managed WordPress Linux server. My local machine is a Mac. I am assuming that you have some Mac/Linux command line experience, but please feel free to ask questions if something is not clear. SFTP is a secure version of the File Transfer Protocol (FTP). It works over the Secure Shell (SSH) protocol. While SFTP normally prompts for a password, we can set it up to use an SSH key pair for password-less access (which is still very secure). When we are done, we will be able to easily connect to our server using an alias. For example:

    george@imac1:/Users/george
    ==>sftp wp1
    Connected to wp1.
    sftp>

How to create an ed25519 SSH Key

I am using an ed25519 SSH key pair instead of the more traditional RSA key type. You can search the Internet to learn about the differences, but basically, the ed25519 SSH key type is newer, faster, more secure, and the keys are smaller. To generate the key, do (please replace username, example.com and server.com with your actual names):

The important thing to note is that I created a unique name for my key instead of using the default name (id_ed25519). You will want to do this especially if you are defining keys for more than one server. I recommend that you use a unique SSH key pair for each server that you use, just like you should use a unique password for each website that you log into. Also, it’s very important that you define a very secure passphrase for your SSH key pair. I use a password generator to create a very long, complicated passphrase.

Now, we will add the SSH key to our Mac keychain (note, this only works on a Mac):

If you want to, you can open your Mac Keychain Access App and search for your SSH key. You will find it listed as an OpenSSH application password. With the SSH config file that I describe below, you will never have to enter your password or passphrase again. SFTP will get this information from your Mac keychain.

Install the SSH public key on your Linux Server

The next step is to install the public SSH key on your Linux server. The following steps assume that you can only access your server via SFTP. That is, you have no shell capabilities via a direct SSH login.

The ssh-keygen program creates two files, storing the private and public versions of your SSH key. We want to upload the public version, place it in the .ssh directory, and rename it to authorized_keys. The above steps assume that you are creating ~/.ssh/authorized_keys for the first time. If you have an existing authorized_keys file, you will need to download it, add your public key to it, and then upload it back to the ~/.ssh directory. Notice that after logging out and logging back in, we did not have to use our password.
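The merge step for an existing authorized_keys file, as an added example that is not part of the original post: a shell function that appends the public key to a downloaded copy only if it is not already listed, and refuses to handle a private key file. The function name, file names and sample key strings are assumptions made up for illustration.

```sh
#!/bin/sh
# Added example, not the post's own commands. File names are hypothetical.

# merge_pubkey PUBKEY AUTH_COPY
# Append PUBKEY to a downloaded copy of authorized_keys unless that key is
# already listed. Prints "added" or "already-present".
merge_pubkey() {
  pub=$1 auth=$2
  # Never let the private half of the pair reach the server.
  if grep -q 'PRIVATE KEY' "$pub"; then
    echo "refusing: $pub looks like a private key" >&2
    return 2
  fi
  ktype='' blob='' rest=''
  read -r ktype blob rest < "$pub" || :
  case $ktype in
    ssh-ed25519|ssh-rsa|ecdsa-sha2-*) ;;
    *) echo "refusing: $pub is not an OpenSSH public key" >&2; return 3 ;;
  esac
  [ -n "$blob" ] || return 3
  [ -e "$auth" ] || : > "$auth"
  # Match on key type + base64 blob: an entry may carry leading options
  # and a different trailing comment.
  if awk -v t="$ktype" -v b="$blob" \
      '{ for (i = 1; i < NF; i++) if ($i == t && $(i + 1) == b) hit = 1 }
       END { exit !hit }' "$auth"; then
    echo "already-present"
  else
    # Start a new line first if the file lacks a final newline.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then echo >> "$auth"; fi
    cat "$pub" >> "$auth"
    echo "added"
  fi
  chmod 600 "$auth"   # keep the local copy private to your user
}

# Constructed sample data (placeholder strings, not real keys).
demo() {
  d=$(mktemp -d)
  echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEONLY username@example.com' > "$d/username_ed25519.pub"
  echo 'ssh-rsa AAAAB3NzaC1yc2EXAMPLEOLD old@laptop' > "$d/authorized_keys"
  merge_pubkey "$d/username_ed25519.pub" "$d/authorized_keys"   # added
  merge_pubkey "$d/username_ed25519.pub" "$d/authorized_keys"   # already-present
  rm -rf "$d"
}
demo
```

Upload the merged copy back to ~/.ssh/authorized_keys with sftp's put command, then set the remote file to mode 600 with sftp's chmod command.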

Create an SSH Server Alias via the SSH Config file

To make this capability permanent (for example, the next time after restarting your Mac), we need to create an SSH config file that will instruct sftp to get the passphrase from the Mac’s keychain. We will also add the server alias (wp1) to this file. Here is an example config file that goes into our local (Mac) .ssh directory:

    george@imac1:/Users/george
    ==>cat ~/.ssh/config
    Host *
      AddKeysToAgent yes
      UseKeychain yes
      AddressFamily inet

    Host server.com wp1
      HostName server.com
      User username
      IdentityFile ~/.ssh/username_ed25519

The generic Host lines (*) allow me to use a passphrase that is saved in my Mac’s keychain. I also set the IP protocol to only use IPv4 because my server only uses IPv4.

Next, I define the Host name, including the wp1 alias. I also set the username and the SSH IdentityFile that we previously created. With the addition of the SSH config file, we can now do:

    george@imac1:/Users/george
    ==>sftp wp1
    Connected to wp1.
    sftp>

That’s about it. I can easily connect to my server using the command line version of SFTP. I do like using command line tools when it makes sense to do so. They can be very powerful when used properly. However, I will confess that when using SFTP, using a GUI SFTP application may prove very useful in some situations. The Transmit Mac App works very well for me, especially when I want to sync a remote folder with a local folder.